Report - 1wriq.com/

Report Overview

Submitted URL
1wriq.com/
IP
190.115.24.78
ASN
#59692 IQWeb FZ-LLC
Submitted
2024-05-07 19:14:44
Access
public
Website Title
1win
Final URL
1wriq.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
214

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1wriq.com	unknown	unknown	No data	No data	3.2 kB	113 kB	190.115.24.78
1win.direct	unknown	2022-08-16	2022-08-16	2024-04-10	1.2 kB	468 B	134.122.54.186
imgproxy.1win-cdn.com	unknown	2022-12-12	2022-12-22	2024-04-30	13 kB	188 kB	104.21.75.209
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	399 B	4.9 kB	142.250.74.132
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-07	468 B	207 kB	142.250.74.99
www.google.no	25607	2001-02-26	2016-04-05	2024-05-07	584 B	578 B	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-06	820 B	420 B	216.239.34.36
1win-cdn.com	unknown	2022-12-12	2022-12-12	2024-04-30	49 kB	3.8 MB	154.197.121.128
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	1.8 kB	533 kB	142.250.74.168
d16q5vvir3f28d.cloudfront.net	unknown	2008-04-25	2024-01-17	2024-04-30	449 B	4.4 kB	143.204.42.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1wriq.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1wriq.com	Sinkholed
2024-05-07	medium	1wriq.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1wriq.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1wriq.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed
2024-05-07	medium	1win-cdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (81)

	URL	Size	First Seen	Last Seen
	1win-cdn.com/js/10400.f146ec26b.js	10 kB	2024-04-23	2024-05-14
Pretty URL 1win-cdn.com/js/10400.f146ec26b.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 21:53:40 Last Seen2024-05-14 20:25:18 Times Seen110 Hash 15eac69773e4a58c28d83941ba68a74d d7a102d8e5b17065207de75d40e50e4406ff6e4a 57cf3cf3d84271aa5926a0aea38039976c7778b8cf9e182e3b1412211339994b Loading...

	1win-cdn.com/js/58988.1061f60b1.js	58 kB	2024-05-07	2024-05-14
Pretty URL 1win-cdn.com/js/58988.1061f60b1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-14 20:25:16 Times Seen29 Hash 00a0e92fe0516c2348f0d32d0f24e188 ae4c653dc67c0d7f603c2211595dca6b3428dd52 e3fb67b98f4011aeea175d52497fe529b2a1e9df2666dd000b28fa8942950f47 Loading...

	unknown	316 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 51e2b24c7620b63ffea046457fbc4af5 d9bcd9eb3b1a690e47f50fa5ba6383b3bc53b1a6 147b62c7a4294c2c35bc4030c5fd6ad0601b851f35879596b29e4215a3d63cc6 Loading...

	1wriq.com/	398 kB	2024-05-07	2024-05-07
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 21:14:52 Last Seen2024-05-07 21:14:53 Times Seen2 Hash 593c0cf5d48bd1b929c34217628e0b94 b3ef95cfb03a4ca9af687cbdc7fa0e05cc04354b d9d8d2352b972d541ede1b5e536f6c3a54433df3ad590221506396faa00efe5b Loading...

	1win-cdn.com/js/desktop.9b5c75c67.js	136 kB	2024-05-07	2024-05-08
Pretty URL 1win-cdn.com/js/desktop.9b5c75c67.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-08 11:06:09 Times Seen7 Hash 9eebcb6129446dab979c616c8120ceb5 d603f59235b73fd8095b3c3603d2df07b7595114 fa71e514244054c26beabc7e01ded735bea5c36ed6f7bad606e3272a74a161f8 Loading...

	1win-cdn.com/js/33700.8f8589382.js	992 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/33700.8f8589382.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen436 Hash cca468f1fe1bebf60fb88dadcdb78142 a7c820f160c6a07b014972f8aa63e9b38f6b7ec3 0093434135f55115e84e92ac20ecc0af0ff6f9e200cc6cedbbb9d52c3504d678 Loading...

	unknown	199 B	2024-05-07	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-08 11:06:08 Times Seen4 Hash f60304311a7fe44da848c15482f735f0 b270885bb9b6c9eade3c3ff2684b7bf6a185a503 38d2ec95c9c01eb816de19285565cf5a7ed143b077681aabe4d1bbfa0f048c3e Loading...

	unknown	351 B	2023-10-25	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 01:40:40 Last Seen2024-05-16 16:24:10 Times Seen127 Hash 50725e8bd51942770349d377e402887e 6fc749ca36fea5616e06fad9c3d730b40501ef97 480c402fbf1153a0a745e8cd392330a938c972ee0302364e3a252fd90c58f719 Loading...

	1win-cdn.com/js/20420.30b3c996e.js	573 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/20420.30b3c996e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen443 Hash f5d89fb15e17f73b8c6bf23ec49acf32 451fa7acd3e8f232c6d8e5a9e2685226771fbb41 a763f290f9b6982825ca91925709d7ba82ca508514f91786fa29c44b4afa763a Loading...

	1wriq.com/	275 B	2024-05-07	2024-05-07
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 21:14:52 Last Seen2024-05-07 21:14:53 Times Seen2 Hash b445adf768861177d3ac8b3b7d3a87c7 a56a4cb1b18fd1fa782daef5fd03507b463e1ba5 427a62c1d2632f0d0fc83c7e89af68560b3e2559f0c3ef7f9cda46ed17e99209 Loading...

	1wriq.com/core-js/3.33.3/minified.js	244 kB	2023-11-30	2024-05-18
Pretty URL 1wriq.com/core-js/3.33.3/minified.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06:40 Last Seen2024-05-18 23:44:03 Times Seen412 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1wriq.com/	25 B	2023-07-19	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-18 23:44:03 Times Seen804 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1win-cdn.com/js/37061.57ea53f4c.js	25 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/37061.57ea53f4c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 23:59:52 Last Seen2024-05-18 23:44:03 Times Seen122 Hash de6e0b19135b6714ea2184522788b0cb 0ef4cc5a6d0f2da9e4f29efdeef574fc55e04242 43ffcac2b1cb66acc051e53facf49692a2dbeca50e872059c1135f0fb39867aa Loading...

	1win-cdn.com/js/62692.9dadb7398.js	847 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/62692.9dadb7398.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 23:44:04 Times Seen452 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	1win-cdn.com/js/icons-pack-social.4455053b1.js	26 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-social.4455053b1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-18 23:44:03 Times Seen120 Hash 1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb Loading...

	1win-cdn.com/js/18860.cc0fd1e0e.js	28 kB	2024-04-18	2024-05-18
Pretty URL 1win-cdn.com/js/18860.cc0fd1e0e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-18 23:44:03 Times Seen207 Hash 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e Loading...

	1win-cdn.com/js/21758.f5e1da622.js	415 kB	2024-05-07	2024-05-07
Pretty URL 1win-cdn.com/js/21758.f5e1da622.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:53 Times Seen2 Hash b47b6bab3eeb4438daea4408efdce9ac 0fd41e6fa0f7fc6676852c5e85d7b4490df7f7fb 49708455e5101ab15f3e358aebc2070b5b76221361bf5ab1d303927cae0831e3 Loading...

	unknown	562 B	2023-10-13	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 04:25:37 Last Seen2024-05-18 23:44:03 Times Seen649 Hash e35abe00e44b33a732fe04616d6d661a 9031f203ada1d67c9757e77d999b4b7f14fa708b e4c05446119bc3a162949df6dbac62fb9dd051be503964869331860255ae16f0 Loading...

	1win-cdn.com/js/39061.47d3b467c.js	92 kB	2024-04-18	2024-05-14
Pretty URL 1win-cdn.com/js/39061.47d3b467c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-14 08:17:26 Times Seen103 Hash 83d4506e6f678aff3759f690c86c3f13 8419680dd653fa9af4ac1c81de16cd11e312ad66 9f7b5ebb4189e668f5f375ff48dc4821fffacf9b3881159702486e689c87cd72 Loading...

	1win-cdn.com/js/46665.703cfe1de.js	1.0 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/46665.703cfe1de.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen443 Hash a8e8453b85165d96566b9b00409adb90 ba4c50613470a3fc260501bdc9fedad671c0c21b c7909ffee12406973b236af27c311a6b83d035e1b134ff32a56c918195194c1b Loading...

	1wriq.com/	5.0 kB	2024-05-03	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-18 23:44:03 Times Seen70 Hash bfbec13abf687324d384873ac418bc73 f6058c01634ffc9a756dba5352b5044daf1df6a7 5f1f26b2b510665b395d61f61237b2a5d562554a423aa9fe4075ddb021b448ed Loading...

	1wriq.com/	87 B	2023-07-19	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-18 23:44:03 Times Seen808 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	1win-cdn.com/js/91635.a2db5f817.js	748 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/91635.a2db5f817.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen445 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	1win-cdn.com/js/28852.501b5fba6.js	906 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/28852.501b5fba6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen448 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	1win-cdn.com/js/1279.7681fe15f.js	911 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/1279.7681fe15f.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen451 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	unknown	351 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen50 Hash 854bbeef4da4e7f355ea80cd06cbb31d 45545b24df55eea5636382d66a348963a537d0d4 c66f458f84b04a73b2c8df2238388d0241f720405d8347bb7c0286a9c6ad22e9 Loading...

	1wriq.com/	524 B	2023-10-13	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25:36 Last Seen2024-05-18 23:44:03 Times Seen652 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1win-cdn.com/js/index.52fa365b9.js	201 kB	2024-05-07	2024-05-07
Pretty URL 1win-cdn.com/js/index.52fa365b9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:53 Times Seen2 Hash 96bbba01c634781b8bd832a848f96fc6 8d6685cb861f0796dcce4d47ee9c3ca81a9f24ca ca1b8a8f6a30963b0dabf0b1ae832191fb3a9e9f802b8539fb1c80a763e0196d Loading...

	1win-cdn.com/js/54591.6225c61c0.js	8.4 kB	2024-04-24	2024-05-14
Pretty URL 1win-cdn.com/js/54591.6225c61c0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-14 20:25:15 Times Seen63 Hash cd9b599cb5d9c7f7fa861c205c7659f5 ed2725067adaac8ab0ddffd9693e58e62f4155dd 935727da6ceae568c8cb49e0512bc748bb872607fded637adc8b5f78f66df35e Loading...

	1win-cdn.com/js/90511.4bc374431.js	637 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/90511.4bc374431.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen449 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	1win-cdn.com/js/35967.a72ac7974.js	958 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/35967.a72ac7974.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 23:44:03 Times Seen336 Hash 9806bcc449ce96d93fe65bcffdc05c40 1a041edc174e43e94299ee18ebdb25b7b49b3036 56aec7b45747b8a8d71302ffa3af8d1f05dda5ae85e3dcc26905549c63c251a6 Loading...

	1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js	121 kB	2024-04-13	2024-05-16
Pretty URL 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:19:49 Last Seen2024-05-16 16:24:12 Times Seen183 Hash 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026 Loading...

	1win-cdn.com/js/58258.98332d90c.js	2.7 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/58258.98332d90c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen330 Hash 429e788491131cf7a26b1e1b4b80ee2e f03316b5749e994f600acf4730886b5be0d136f8 30993561b31b29a22b8b7e999f66952c341241534c5494303bcb8bc07b5ad3e3 Loading...

	1win-cdn.com/js/8653.ed7806659.js	952 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/8653.ed7806659.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen342 Hash 6cb37362c9f47f9da06554dee435ff92 e34a75d99c356fe77ecca00e4bf6ce46fbe51e6c 8c951bf88d9566dc954964f5498e4acc49f3080391c11c96500964f87ddf701d Loading...

	unknown	347 B	2023-06-26	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-16 16:24:11 Times Seen904 Hash 150b71f7dde92027aee8fc8db2fcd0b3 faf9f0f6c34b25828fd97f37fa6b88152e55580d e9f6609639ac5f436c82395dfd4f3b3050e9140ad66b83ab152c5c829234406b Loading...

	1win-cdn.com/js/57460.093f52cba.js	438 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/57460.093f52cba.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen436 Hash 3940ad901c872d13b3f221d5d1753c90 d9543432f353b875d90ba22a0fe5d7edf3870d12 ffea5f4a3b9b89527a8eaa3be89086ffcb058b987b84dd614f314ec461a7b601 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	263 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:55 Times Seen4 Hash ca55c42c7aeff4a88b0fa0c7c263bdff ac46877b13c8a160d8d5aaa2bc95d519034f37ed c30d38cda918e8cdd2d914d56be3ca655a4f8fddef470e189d61a5c20c938de3 Loading...

	1wriq.com/	113 B	2024-05-07	2024-05-07
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:53 Times Seen2 Hash 393cb23f6d71518c12e7bd18f52e2761 7fab32d7bf400d41e9f2f99638d0d1ff12d96297 f2f87f5c16a33881e27ae5b0a44a0684a25d70cb463323a2d020a62ed0ce577b Loading...

	1win-cdn.com/js/745.ca3fa56a5.js	24 kB	2024-04-26	2024-05-08
Pretty URL 1win-cdn.com/js/745.ca3fa56a5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-08 11:06:08 Times Seen31 Hash 295f0fd17b3fd8ad75db3d11e790de15 c96e411c7da299aa3660173cba7874561973b0aa 5fb69d4aecb170827b41f0df0a7dbde4f683da6f32ec5032c5274e19c0d97a44 Loading...

	1win-cdn.com/js/41543.9ecf6875c.js	695 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/41543.9ecf6875c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen348 Hash 48813f2325a439cb966c5096fc8a810a fb44ed9fb85edbd34701708c1fa10cfaa3f07bcd de64ce06fbb042ecead3cf7684326db4f0c50ac26ba91a99d3399f7de24f6ded Loading...

	unknown	409 B	2023-03-10	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-19 08:20:03 Times Seen1490 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	1win-cdn.com/js/46719.c1d2eb9c5.js	527 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/46719.c1d2eb9c5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 23:44:04 Times Seen325 Hash 4aed1e3e32871424dc1c549529ea26b8 1d2f8b2c24659b65a6c8fd249b156d8f668d46fa 579590204e7c01d12d85ed9d70750b3260a0212c70a9fdb264bce2a83449721a Loading...

	1win-cdn.com/js/78449.1776bac9f.js	786 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/78449.1776bac9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 23:44:03 Times Seen456 Hash c9e05b247ec4862225558c72b113350d 7708f2815c38e06b3f5ed4e9c6c98622b69e3f4a ba979bcf79cb56027207dfba2cb71ac9b41ad1f38b55a0977f72091dddaa6486 Loading...

	1win-cdn.com/js/57552.ee60d28a1.js	75 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/57552.ee60d28a1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-18 23:44:03 Times Seen126 Hash 3640868f35b73089eee8ce1f80955ad1 80e813108a8b082c210e8139451264d1e45bf4be a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff Loading...

	1win-cdn.com/js/86359.48c462178.js	634 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 23:44:03 Times Seen438 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	1win-cdn.com/js/48430.9af74daeb.js	1.2 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/48430.9af74daeb.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen451 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	366 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:54 Times Seen2 Hash 6d4aff259dc2df28cef60a49593871a5 aece63e2d86852fb4e5a010e21385b118df23231 ebb654dc972dd3ca25c9d461c43bbca083a741541207215b3c897c065dcc4cb2 Loading...

	unknown	351 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 003a98f80ebb1ce49eec0dc541b1f6cc b2e5d2f6337980e0706fd4f3b5934312ebb1126d 49340d31db7e883167a7e4feb1636ee431aca49bd18316d9842b82b43776a454 Loading...

	unknown	280 B	2023-09-09	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-09 23:12:45 Last Seen2024-05-14 18:26:10 Times Seen625 Hash ccf8800179f76f96ab5ee9e2c31b34c9 bc8b036511560d2555772f2e5ce950ddc183fe1f 04598a52f743aceb0cd6af79dfa45e23b4f05f205f5c3814962e56a0225b90a1 Loading...

	1win-cdn.com/js/63502.d79807f7c.js	135 kB	2024-05-02	2024-05-14
Pretty URL 1win-cdn.com/js/63502.d79807f7c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:26:19 Last Seen2024-05-14 20:25:15 Times Seen95 Hash a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c Loading...

	1wriq.com/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-18
Pretty URL 1wriq.com/firebase/8.1.1/firebase-messaging.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-18 23:44:04 Times Seen2212 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	1win-cdn.com/js/31310.c605a9b9f.js	528 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/31310.c605a9b9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen453 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	1win-cdn.com/js/icons-pack-home.d21abec30.js	19 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-home.d21abec30.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen526 Hash 325c4a59d9bc91d434baa4a7563c38b4 070a43d12a678b20daf2851076340bf4b595d5ff da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf Loading...

	unknown	456 B	2024-04-18	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-18 23:44:04 Times Seen119 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

	1wriq.com/	168 B	2023-12-28	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15:05 Last Seen2024-05-18 23:44:03 Times Seen318 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1wriq.com/	4.2 kB	2024-03-30	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-18 23:44:03 Times Seen134 Hash f03d5c5d4651c5185cf95e29770acbf4 d228cd1a34da6c7d7a6fc2c3b3691d3578bd92f4 5ba081585bdcc91f38ed16b0cbdbf9dbfb3aef0886a4afa935f0a08ddf467088 Loading...

	1wriq.com/	4.9 kB	2024-01-25	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 13:18:38 Last Seen2024-05-18 23:44:03 Times Seen238 Hash e39e4e132bab588b54ac8c01ee1cb792 507d529821627dea59889e1d2557482357d13902 26314cf2ae26676e29acce35b798159216131c0d472c11651870d02526f9d210 Loading...

	1win-cdn.com/js/91217.fc8dbcaea.js	828 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/91217.fc8dbcaea.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen448 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	1win-cdn.com/js/62825.cf3a1caf6.js	736 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/62825.cf3a1caf6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen351 Hash 28e8d81ce74785fd3e402ba70f30570e ac5e4809cee47c9ac0f08221da5ab8358986d564 a7928d556c13082bd24d471ea1824a8771b146b4010e05159c35dddc32927c18 Loading...

	1win-cdn.com/js/88971.a170f9f22.js	529 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/88971.a170f9f22.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen318 Hash 88e4f6d7cb0faf6b16c158636a8553bf 357a27adf1b5615ee1897f13e0de0344254d9bea ad7459bd9492984b70993c16807c05a1b962c1e366d793cdd5646259f02b34c2 Loading...

	1win-cdn.com/js/48357.2f661a8c9.js	9.6 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/48357.2f661a8c9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-18 23:44:04 Times Seen69 Hash 6427c264e7bcd06afdffbb01534234c3 fc59a1bdce2fb3714732cdaa9ade074fc83e6136 2ce78d8f281221794ac114e49290c0b3e24a5d9cfb18b96f0f47c105747147bd Loading...

	www.google.com/recaptcha/api.js	850 B	2024-04-24	2024-05-08
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:35:35 Last Seen2024-05-08 15:55:32 Times Seen1408 Hash ee87fd4035a91d937ff13613982b4170 e897502e3a58c6be2b64da98474f0d405787f5f7 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	204 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-07 21:14:55 Times Seen2 Hash 073d00136e5a4176d045319b594ab3d6 6bada167172c19a1038931378565b6272f5c72f3 ae4a7101f019c8f4ce93c31bc1ea9a387296a20df9169cf331d73e7c03ff877a Loading...

	1wriq.com/	482 B	2024-03-30	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-18 23:44:04 Times Seen133 Hash bc24bbddaf09063aa5f8250aaa64f3d8 293f3dc4dff618fa2ce2cffd58b484ff36b79d63 464c0d2eb75f1905f967d1fc1a4809f063a3085f56f76d231234d78bb28d698f Loading...

	1wriq.com/	270 B	2024-03-30	2024-05-18
Pretty URL 1wriq.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:19 Last Seen2024-05-18 23:44:04 Times Seen130 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	1win-cdn.com/js/57652.297e4ecc2.js	647 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/57652.297e4ecc2.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen446 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	unknown	320 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen51 Hash 4a3cee776b59bbcab837381d996ca47b 7117afc5c4f794658c2749d78bc3ec121b9cca02 ab0398c10ed50c9ddc450035ddbb1a62aef3bce3816ee9fdfec26ae40d949a14 Loading...

	1win-cdn.com/js/chunk-vendors.84f8d8042.js	244 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/chunk-vendors.84f8d8042.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 04:23:34 Last Seen2024-05-18 23:44:03 Times Seen143 Hash bf6401b0dfe9edb44c1316084aec2571 f8be08eb40e34c5fc52836f090309c15946a5246 d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47 Loading...

	1wriq.com/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-05-18
Pretty URL 1wriq.com/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-18 23:44:04 Times Seen2205 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	1win-cdn.com/js/38209.ce0dbb534.js	1.3 kB	2024-02-20	2024-05-18
Pretty URL 1win-cdn.com/js/38209.ce0dbb534.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:49 Last Seen2024-05-18 23:44:03 Times Seen172 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:11 Times Seen116 Hash 604b6a04bbd64c0897092ed7e30023bd 135732431cb91633a7fd90695a1ed085247b9564 02ddf8ff988206010b70dd08d64c44f99fbb459d3ae4cf60e41ded1cf1a995a0 Loading...

	1win-cdn.com/js/chunk-common.7acc5f8d8.js	191 kB	2024-05-07	2024-05-08
Pretty URL 1win-cdn.com/js/chunk-common.7acc5f8d8.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-08 11:06:08 Times Seen4 Hash 1a0b11e2111901eb99cb8d80a39ae67d a9a0d8bbdae721caa1800ac26a10082dbfa2d124 78e351f93f809ea8beef1f36ba42783f729bfbce916a134a355ae0290c4f2757 Loading...

	1win-cdn.com/js/44101.cd5168bbb.js	33 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/44101.cd5168bbb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:59 Last Seen2024-05-18 23:44:04 Times Seen142 Hash 64fb718df447a3a994dcc6f6030b0488 6d312ce281fb912b3ff51e28e46239d55a7b7e8c fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932 Loading...

	1win-cdn.com/js/8726.6a357273b.js	664 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/8726.6a357273b.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:04 Times Seen429 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:10 Times Seen117 Hash b2cb4c2391077a9866f15278e2f22e28 b3c7c896176736a5c7964d09571b1d3db0a26a11 52ba3ec64c619c6ff3388e641a53b7e58ca9e9d92fab48f4da1128a3dba9de15 Loading...

	1win-cdn.com/js/icons-pack-casino.fd47961dc.js	91 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-casino.fd47961dc.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 23:44:03 Times Seen752 Hash caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c Loading...

	www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js	518 kB	2024-04-24	2024-05-15
Pretty URL www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:18:30 Last Seen2024-05-15 19:10:18 Times Seen9003 Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b Loading...

	1win-cdn.com/js/32005.5701eb106.js	9.3 kB	2024-05-07	2024-05-18
Pretty URL 1win-cdn.com/js/32005.5701eb106.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:52 Last Seen2024-05-18 23:44:04 Times Seen55 Hash 1fefe270c6ad1d582d8d3a9b5e0f4ba5 f40d1b45cd1b557e0dc683049f1476dd1b43993d 07e6355d73ec40ac0c272dd48e0679af4edf782cae6c0b5c9c9c2cbbf585e9ba Loading...

	unknown	421 B	2023-03-12	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-19 08:20:03 Times Seen1490 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	253 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:54 Last Seen2024-05-07 21:14:55 Times Seen2 Hash 017da21e12b5beed16e57ab5552ff731 a69660caddfaa212852da83ba81dac3bf5ec7737 2ab972a7a883e10683a0f0e5506c1155de731c7733f9b5bc03e25b5d5cae031b Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-19
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-19 08:20:03 Times Seen823 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (118)

URL IP Response Size

1wriq.com/core-js/3.33.3/minified.js

190.115.24.78

87 kB

URL
1wriq.com/core-js/3.33.3/minified.js
IP
190.115.24.78:0
ASN
#59692 IQWeb FZ-LLC

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Size
87 kB (87332 bytes)
Hash
38facf849f100d0fe6269a53a7bca451
9bb69f981438d48b093bd1eb673885476b4932f0
ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wriq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __ddg1_=YlPDaTXYLBrCsVX3RHIG
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 11:25:40 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 09:07:34 GMT
etag: W/"6639ef56-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
age: 28114
content-length: 87332
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

33 kB

URL
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wriq.com/
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-8128"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=_LZMUCypURThWm0IcbUren46fXPVvQFn2ZUtxCos_sc-1715109254-1.0.1.1-24sfSUI9waxSGlEeBEjrqfTL3fxiGW47Ivy5X9GM5I6296I1mXVyn_jLdcdhA9iU24kmZ3yZaKC.LCKS46ujdQ; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038828fe1f0b51-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

44 kB

URL
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wriq.com/
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-a9f8"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=CKgJ3PK5lO9V67MpR_eLpJ6P6JayAjax.Q9V0QiTqNw-1715109254-1.0.1.1-hQza6ciVTUnRTE3RVUqBlJglk9CW9ej.PRPw2ckfCbuK_iYHlGK3uTU8otCHs08YVqmQRvUNS.zdWMdSzbreTA; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388290e480b51-OSL
X-Firefox-Spdy: h2

1win-cdn.com/css/index.fd224ee8e.css

154.197.121.128

200 OK

1.6 kB

URL GET HTTP/2
1win-cdn.com/css/index.fd224ee8e.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
1.6 kB (1585 bytes)
Hash
5ac61c33b307d246a06dd6a58cfc387e
070b9a94b84358dd69a7041669bda3f0af0e8ec1
16f5fffe1ea6a79f5bb23e40e1e74f7b5400c80a1b453340087afed95ac840ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614489
set-cookie: __cf_bm=My0OaRxEBm8vnIea42TeGMYw0Fyx8qL36fRwSZqmfzU-1715109254-1.0.1.1-XgQWDQr11D5caixl9Xtd7JeN.7vJXmfK53guKWyY5OqCGRo7QKOAPh123vgJRwRVxyclnMVkYslc_RccKvsAkg; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388291f4d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket

134.122.54.186

0 B

URL
1win.direct/v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wriq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5xlWa9ep6/X+hedM3kA1oQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: 4tG1tzVPHcBMziOCeVy1mjAeHpM=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=80f33266e584518e; Path=/; HttpOnly
Upgrade: websocket

1wriq.com/firebase/8.1.1/firebase-app.js

190.115.24.78

7.1 kB

URL
1wriq.com/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:0
ASN
#59692 IQWeb FZ-LLC

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
7.1 kB (7132 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wriq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __ddg1_=YlPDaTXYLBrCsVX3RHIG; visit_domain=1wriq.com; core-sticky=http://10.233.69.200:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmZDM0MjQ0Ni1iZTIxLTQwMDctOThjYS0yYjU3NmExYTY5NGUlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTA5MjU1MzAxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTEwOTI1NTMzOSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 11:25:44 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 09:07:34 GMT
etag: W/"6639ef56-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
age: 28111
content-length: 7132
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wriq.com/firebase/8.1.1/firebase-messaging.js

190.115.24.78

12 kB

URL
1wriq.com/firebase/8.1.1/firebase-messaging.js
IP
190.115.24.78:0
ASN
#59692 IQWeb FZ-LLC

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
12 kB (12203 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wriq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __ddg1_=YlPDaTXYLBrCsVX3RHIG; visit_domain=1wriq.com; core-sticky=http://10.233.69.200:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmZDM0MjQ0Ni1iZTIxLTQwMDctOThjYS0yYjU3NmExYTY5NGUlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTA5MjU1MzAxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTEwOTI1NTMzOSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 11:25:44 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 09:07:34 GMT
etag: W/"6639ef56-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
age: 28111
content-length: 12203
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/js/10400.f146ec26b.js

154.197.121.128

4.0 kB

URL
1win-cdn.com/js/10400.f146ec26b.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
4.0 kB (3965 bytes)
Hash
d3e4ad7eb85bdaa2efb1ab43f3418b3d
924a42f8aea5ae735a9562d5ba29f51e0dacc44e
e545643c3b02fc5686d4553ee6a44efd153903ec289b800cafabe6510d48cc09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/10400.f146ec26b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-27f3"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 123386
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ffb8b5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.168

106 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size
106 kB (106355 bytes)
Hash
6d4aff259dc2df28cef60a49593871a5
aece63e2d86852fb4e5a010e21385b118df23231
ebb654dc972dd3ca25c9d461c43bbca083a741541207215b3c897c065dcc4cb2

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:15 GMT
expires: Tue, 07 May 2024 19:14:15 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 18:55:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106355
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/present-with-light.bd57fb068-151.png

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Size
5.6 kB (5600 bytes)
Hash
a804ad67f4add53f8c251c2ebc80469d
4108aeab2f7a7c3720885edeb445e6131a383a49
06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-1a4c"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 2629
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831cead5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/54591.6225c61c0.js

154.197.121.128

4.0 kB

URL
1win-cdn.com/js/54591.6225c61c0.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
4.0 kB (3978 bytes)
Hash
b4cd27a6af86c0045f887e0577bcc1c1
e695e3ad8cfbea9a9cc4ab7a49568b75d4d1895f
e0933505df2ca4154c288c91ee1c1f04928ec034cf257b50c15910df32d3b143

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/54591.6225c61c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-2100"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 109650
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388306c495687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62692.9dadb7398.js

154.197.121.128

1.0 kB

URL
1win-cdn.com/js/62692.9dadb7398.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
1.0 kB (1032 bytes)
Hash
b3fbec6e9ffff14a687b7d2f5f75e105
039e426e0c759df6579a57ac403ef32a1546c959
c133ddd5274f24dd3470bed2b860fd3544703c0c0c256e170b10a17e103fe2f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038830fd4d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png

154.197.121.128

20 kB

URL
1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Size
20 kB (19467 bytes)
Hash
b924bd42443557a1ef9d41f043ddf175
a9db601e2941557cba7e3e688390aa43e8411e2e
8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-5414"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 895
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883278025687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/31310.c605a9b9f.js

154.197.121.128

58 kB

URL
1win-cdn.com/js/31310.c605a9b9f.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
58 kB (58478 bytes)
Hash
dc9197f228c166a902e4358b5d03676e
2a8d82a486013e212e62ba0fb905a0870bc4b237
fc3842057533d9642d02b216b59fc9b5afe3cf5360ca59a4e6a26cf8693621f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614089
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831dec75687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png

104.21.75.209

50 kB

URL
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 362 x 429, 8-bit colormap, non-interlaced
Size
50 kB (49865 bytes)
Hash
b0b99e0a3f5f6fc44052e30eae903c63
822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a
e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWMyMGQi"
x-request-id: 9_ruTBS0Tkm7jz1RUzGRw
cf-cache-status: HIT
age: 594974
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BdV6Ufa9okxipQm78AJx5BCQKNzNDsVNNsuVAJgU6dpMgik9GUZAO5uUgOqXZAy1GLuc2hnEEuqKn80QAEYkGnfAGi7lDSWit5ZEFQkn7zfM106gS%2BBu%2FCLOMLx%2BpdA1CxJLfR4xf0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388328d9156b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/58258.98332d90c.js

154.197.121.128

6.9 kB

URL
1win-cdn.com/js/58258.98332d90c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
6.9 kB (6908 bytes)
Hash
8cb908b42811595df911c47216a09d57
ea957a55021fdee6bb84585a465c86de68455e7c
7537543cd0fad8a062422a279729d15dbcd1c204a4828b32a817dae93ce8dfa4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Fri, 05 May 2034 19:14:16 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 606900
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832c8fb5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

4.4 kB

URL
www.google.com/recaptcha/api.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data
Size
4.4 kB (4442 bytes)
Hash
8956bad02bc2d15ff9c95119fd6c661b
43adb00b09b347a65bd5e70020740a36794a03bf
1d76569491bdc9b7f672f32e91beab9b59ba37f2ff721c83aeb2cbecb1e19ebb

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 07 May 2024 19:14:15 GMT
date: Tue, 07 May 2024 19:14:15 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/css/58988.a289e8e93.css

154.197.121.128

44 kB

URL
1win-cdn.com/css/58988.a289e8e93.css
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
44 kB (43537 bytes)
Hash
c1497a8c39024a32c60147097dff3d10
1020d4a195792aeb028a4e2384d179bcf302284e
a920945907643c8cbf9f9473fed9e3ce701188c5940faf874afa7732a52fb90b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/58988.a289e8e93.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-af48"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 16722
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388300b995687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/38209.ce0dbb534.js

154.197.121.128

200 OK

721 kB

URL GET HTTP/2
1win-cdn.com/js/38209.ce0dbb534.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
721 kB (721394 bytes)
Hash
cde33db1dc41bc519fecc7bec885c343
7c67f349c2c74d5f7e493503b7eb6e9049efb3fa
18be7b863d7f51e8b5104a841eb8f7e03fe3d2c16dca4feda780b8903f762175

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601243
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831cea75687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp

154.197.121.128

354 kB

URL
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image
Size
354 kB (353842 bytes)
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 353842
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 132
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038833baed5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/32005.5701eb106.js

154.197.121.128

22 kB

URL
1win-cdn.com/js/32005.5701eb106.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
22 kB (22541 bytes)
Hash
558c27c890af91805502d257a65f169f
5c19118c75af73791c187cf9d534ea06ffcd95e1
96fdd1b2f249c0de3a3ddbff962221674cfce09a45540ef053597e0226bc0a0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/32005.5701eb106.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-2428"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 21083
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ffb825687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/86359.48c462178.js

154.197.121.128

16 kB

URL
1win-cdn.com/js/86359.48c462178.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
16 kB (16365 bytes)
Hash
67850c69dbdea90362de034e0301b836
8d0c7298b9ba744445dd68b3b1071ad376aa3f3b
1ec4b1c3955a6d2f06e21d9dd73eabd115b549bf278263fc33445224b1930f02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 600477
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831ceaf5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png

154.197.121.128

9.4 kB

URL
1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
9.4 kB (9422 bytes)
Hash
e46f588febb018229e3c2450c4a3d4f0
4904652973205c308ead578918f7ff5a6a27bf0e
855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a73fd-28d5"
last-modified: Tue, 07 May 2024 18:33:33 GMT
cf-cache-status: HIT
age: 132
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388340b6b5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/41543.9ecf6875c.js

154.197.121.128

430 kB

URL
1win-cdn.com/js/41543.9ecf6875c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
430 kB (430129 bytes)
Hash
c5b65ba9bcdf4a8b74109b7edd71738b
a6736f0391e8a90664f851b8ad8b6a022a928a4d
a1941ec36c554e13971b9d740e0e92fc6170c34befaf36f8056b1f7e57b467e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Fri, 05 May 2034 19:14:16 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 606593
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832d90a5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/44101.cd5168bbb.js

154.197.121.128

19 kB

URL
1win-cdn.com/js/44101.cd5168bbb.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
19 kB (18903 bytes)
Hash
de3ad485fbd8858dad495261830e7583
fe9f2034988e14ada4b58a934b9befa95f480ec8
04134c2e0ad03af3065196995089056f5ac18aab777bcf96c5f31e75f1a297e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/44101.cd5168bbb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-8119"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 109650
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fcb0a5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

154.197.121.128

200 OK

362 kB

URL GET HTTP/2
1win-cdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
362 kB (361686 bytes)
Hash
501a0005bfe23bbe983fe25915693c91
744eb5a74ea3f10d459ecb41d3e2cd18c56ce209
64cf5689782a93a9d9cb21301f3d436c3d0f11f276f15bbe6f059179cb980405

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1117
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831dece5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp

154.197.121.128

12 kB

URL
1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12264 bytes)
Hash
45df6c11399190f031e9db37f9f4e785
a8a641e38f707a584b72a5ad5c010e7bbcd7920c
121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 12264
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 138
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388353d725687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/37061.57ea53f4c.js

154.197.121.128

12 kB

URL
1win-cdn.com/js/37061.57ea53f4c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (11797 bytes)
Hash
7379b17877fac32ee61edf0ebb387f38
d413b203ec3b68cc1faa4cef805f9a29766e6221
2dc739c3e2c24ccc076ab14d9a25eed0ce2b25a14e06338c8657c4d4fd35c282

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601243
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fcb095687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a73fd-9305"
last-modified: Tue, 07 May 2024 18:33:33 GMT
cf-cache-status: HIT
age: 136
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388353d745687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png

154.197.121.128

35 kB

URL
1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
35 kB (34925 bytes)
Hash
232d05b165c6b0fc9695db490aa71f47
f04ccc74ebd190747114ceeb882d51db8e9268c6
9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-989a"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 136
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038835de7d5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/casino-mentor.f6b6387ac-172.png

154.197.121.128

1.9 kB

URL
1win-cdn.com/img/casino-mentor.f6b6387ac-172.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Size
1.9 kB (1857 bytes)
Hash
3ec6ec7d9016e953c300249c2af5704f
e7b2ec568a2118a744cdd1fabe6fa8959c637532
135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-7b8"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 1516
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837394b5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png

154.197.121.128

972 B

URL
1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced
Size
972 B (972 bytes)
Hash
d75b75efec83a2230764a8fed9d1dd3e
ee4318789396290da2017d433fe622b9a005aff2
24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-40b"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 1516
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837394e5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png

154.197.121.128

8.1 kB

URL
1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Size
8.1 kB (8067 bytes)
Hash
953b3b7e0c94ed3c3af678f19b076c5a
993c897eadbd5f11f4fa712cda067ea633c8e68f
d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-2421"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 4155
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837395a5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/betraja.5cf6f15c0-75.png

154.197.121.128

1.1 kB

URL
1win-cdn.com/img/betraja.5cf6f15c0-75.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Size
1.1 kB (1054 bytes)
Hash
2840e342f235c6d7d76db654ff6a0edd
8f81dc2954a1e234394d7b284e02742730f25f37
2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663a5087-496"
last-modified: Tue, 07 May 2024 16:02:15 GMT
cf-cache-status: HIT
age: 4155
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883739405687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/uefa.093dd4fef.svg

154.197.121.128

92 kB

URL
1win-cdn.com/img/uefa.093dd4fef.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
92 kB (92515 bytes)
Hash
f02ce9707af8fd75464a6be71db63c58
b6b4f18f6ae2fbf77ccf32a70eb86412a383c098
e895444bff4a118ebd377abc6a262341e7e92f35bc08fd7308f33a85c8f8e3a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1776
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837290c5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c

142.250.74.168

88 kB

URL
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
88 kB (87485 bytes)
Hash
017da21e12b5beed16e57ab5552ff731
a69660caddfaa212852da83ba81dac3bf5ec7737
2ab972a7a883e10683a0f0e5506c1155de731c7733f9b5bc03e25b5d5cae031b

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:16 GMT
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 18:35:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87485
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.168

74 kB

URL
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
74 kB (73922 bytes)
Hash
073d00136e5a4176d045319b594ab3d6
6bada167172c19a1038931378565b6272f5c72f3
ae4a7101f019c8f4ce93c31bc1ea9a387296a20df9169cf331d73e7c03ff877a

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:16 GMT
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 18:35:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73922
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif

104.21.75.209

6.3 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.3 kB (6321 bytes)
Hash
049927e2f79d1b3f7c0db06be6378930
bc6a9c76a5027d6e63381bb7cf0ff70068d06792
8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 600476
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9DygpKPAPf6V61glWRoBf1R%2Biq7dMANwoPOawy6F%2FPMnSDzwb3RFkCCGg9vSmQBCzc1oT6IvYXktC1I5DagzQjA0ZVhsZopca5gE3%2Ba4BF51yQLAbEoNhHKIo8NFWWMf5f22EiNdlY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038839195556b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif

104.21.75.209

5.6 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
5.6 kB (5627 bytes)
Hash
baf3f199ffdfb682bbcd9d3837e517c0
3803d7a122952937942ab92c0724af229c4f2dfe
2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 10236
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FzEUV40kiq0wJiiKkjZ7mbVj2nPHFhwn99c7aed016I%2FrncxfxJ0Wg%2FfzNbvkxVBt2HksiGp5gDeBJN9T8fVBYozwVjNHOGq1qtfwIDgXnMKz4TiVNNXELV7yQ3thpcWs5VgVjQywQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038839195756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif

104.21.75.209

6.1 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.1 kB (6121 bytes)
Hash
172757f78e8e2026f280f94f4d032035
17cea3940511dbbbb5077e78e28ddadef3090931
f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 6024
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQ1maHIEKeBrB0eBywBEvTpEc2HHgZvPhmezr9A5GKVRIeuGfltq0H86DJvNwzsq7Br%2BicOQtTInCGxCYy%2FPJ9Xw0Q1Lo%2FpNJJf9owsRqzEgIe9p1RuQGlgS52Y4REuBiBiRPrSRJ6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038839195656b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif

104.21.75.209

5.1 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
5.1 kB (5097 bytes)
Hash
78c35d95a329313abe507e5fd846f7b7
31fb39c006cc6629f8e0c3041eb47bd3e07c4eec
0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B61Q5D3fk%2BVDPWtC%2BcANUSCW%2FfWh6yyhEC4WPjilotzCSoetHI7jIGMuMSjQPw0Aw1q34GxQbqLFi22sLEwwmJHaDwI59i%2FDWs0UEpzLBu2GIQ99BFqjewFmwfu1YvNRaVvtiUJCbbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038839196056b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/wta.c6d5e2ef3.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/wta.c6d5e2ef3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
2.0 kB (2016 bytes)
Hash
cd4b34b10e66fcedca4399d3eaf78882
3933d096827ad6f9326080f857d95146d664e958
f94f55b1336d6f3fc48be852cc7aed67b5fb8870db9bdc2add5ed9b964eaf708

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1776
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883729135687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/88971.a170f9f22.js

154.197.121.128

884 B

URL
1win-cdn.com/js/88971.a170f9f22.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
884 B (884 bytes)
Hash
a41b4eeaf60ef562b0f91337dd54a229
79965e6a3b59e60f32ef7cc31678ff3e022e4139
b4511079e6009f916b4ebf39f65e62663ca1909731a51171c91c6b3cac209eb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Fri, 05 May 2034 19:14:17 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 615183
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388392d7e5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/nhl.9b1a4945d.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/nhl.9b1a4945d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
12 kB (12338 bytes)
Hash
18147247e1b32a34be204cda1895b89b
218ea56c1ca9f354aca48dc8b7e9937061c99c4e
4c9f3bee0175be5f54310fc631ee7df764e17934fd1cfd687fb5db5c7d1fe8db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1776
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837392d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fiba.4b405b699.svg

154.197.121.128

4.5 kB

URL
1win-cdn.com/img/fiba.4b405b699.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
4.5 kB (4522 bytes)
Hash
d9f84335e857bd2cdb1a1e105b0d6cad
046e1ca03a6b45b58d9f4715052053b3a74f1106
0357a5616ab7ef14b528b55d24abd96515b6e29022b53f3646bf6a8b4de44761

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4178
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038837291e5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/relax.1a68769f8.svg

154.197.121.128

8.0 kB

URL
1win-cdn.com/img/relax.1a68769f8.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
8.0 kB (7953 bytes)
Hash
18d3077126c00bc1ec998480e8d28acf
ac03d5ef85400e3e63c102075fd8a1e069ae29ed
b0e40539d01e08fe65941b7e2779fc46488c2b0ec15fa5816dfb2edb0f133503

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5977
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d3daf5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pragmatic.2e7a96b71.svg

154.197.121.128

200 OK

4.4 kB

URL GET HTTP/2
1win-cdn.com/img/pragmatic.2e7a96b71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
4.4 kB (4352 bytes)
Hash
bf28d800fd98078f37a88cfedb02b76c
c8845d1e7cfe5fbed477d9a4c16a9f7b03048a08
a80bb1d45286db4891aff555189298a2155716fdc3e1dc0a8368c875b3c9fc2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d1d7b5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/rubyplay.b4553f39e.svg

154.197.121.128

200 OK

8.9 kB

URL GET HTTP/2
1win-cdn.com/img/rubyplay.b4553f39e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
8.9 kB (8946 bytes)
Hash
b6911fca02017e78c05b4edd715003df
584bfa16170663a9b3e74803515c076dcc5e4990
f99668a8b486b6fcca2d18ad2a65652279054fc96178a5ce51c0c99fefb490fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4555
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d5e0d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playson.2ff1c7d85.svg

154.197.121.128

8.6 kB

URL
1win-cdn.com/img/playson.2ff1c7d85.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
8.6 kB (8640 bytes)
Hash
18c7d2ee2b7b54c808f6def8fdcd7cfd
8ab990d1dd433a4df23d443f13dcc2be13a8f7d5
8a3fe42e3972acb231ec5a9c252cc6f9cf6e770ee68fbe29fd86455571909ce6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5721
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883cfd595687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playbro.9ed310f23.svg

154.197.121.128

12 kB

URL
1win-cdn.com/img/playbro.9ed310f23.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (11560 bytes)
Hash
b7dea5c6171cef419dac5e06d5bb2006
1443a21ef31db28242324a08f370de143940a9fa
87bf0d6464291fc1e01eb8381161f133983aff51a5a0c27c08b717fa3094c7e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 129
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883cfd545687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/oryx.ddc50c514.svg

154.197.121.128

8.5 kB

URL
1win-cdn.com/img/oryx.ddc50c514.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
8.5 kB (8466 bytes)
Hash
6ab66ccca986932238ef815447f145da
deb22d978207383c7a5c74a7d76d28d225bb2fbf
853d735186b982344834e9a7c7ab53068c1fb00b16f5bb0fe370ce6b0128e55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ced1f5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/quickspin.d9067a98a.svg

154.197.121.128

8.7 kB

URL
1win-cdn.com/img/quickspin.d9067a98a.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
8.7 kB (8716 bytes)
Hash
6f0a384daf350d4dae14760b27185dee
b0711f3692eced9c3763d8139d66bb5bac06ce60
e54f61fd831f9b0ccfae6923aec126ef81a199b06e7d6343137b32fda975de4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2306
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d2d955687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/red%20tiger.157f419e2.svg

154.197.121.128

200 OK

15 kB

URL GET HTTP/2
1win-cdn.com/img/red%20tiger.157f419e2.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
15 kB (14637 bytes)
Hash
7023a9e1ca8b742d24f28ee25ef9787b
fdfe0f424862d904714e93a7c5a744745eee9c16
69652d96598607b1a196052b40e0637041e8094059887fc98fc5de5617f72ac7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 129
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d3da55687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/revolver.25aaacada.svg

154.197.121.128

11 kB

URL
1win-cdn.com/img/revolver.25aaacada.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
11 kB (11371 bytes)
Hash
30e014801671df9b53eb44b7fb1a56e3
b59ab7e9306e2cdd9c78190a9eaa0e447128f04d
7c555a7bfbb21cd96607a8c3a2c1f8c5910db6f7a33addd2b2d5fe8206bd6e8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 129
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d4ddc5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/belatra.1e7508387.svg

154.197.121.128

22 kB

URL
1win-cdn.com/img/belatra.1e7508387.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
22 kB (21568 bytes)
Hash
23603efdc252223e6b05c7ebd860d6da
a5dfaeb1891dbf5f44cdf649a1a70bec02b75e18
f0368667b9e0b95960c774dee9aca56d29f74525c583418b369cac8eb9dc8a59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5724
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a38005687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/itf.9b1402c42.svg

154.197.121.128

13 kB

URL
1win-cdn.com/img/itf.9b1402c42.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
13 kB (12711 bytes)
Hash
d6a9df14ef278c1cbff1cd77bd7b245b
2a39198823ca9976b76e3bb4232db529621ecafc
5c3b082a5ae528e93c114bcc295fc10fcc4be105a55ede0382259b15a59563b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4095
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883739335687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fifa.604717ea7.svg

154.197.121.128

9.2 kB

URL
1win-cdn.com/img/fifa.604717ea7.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
9.2 kB (9245 bytes)
Hash
3f446329154ff8a00f8f39e84004cf7d
7486a3292c23e98ef1692605bb86b43b4f3ef30b
68da54c2333cb571425ab9681f5d05be76f75e43342baeb942e065ea8297fb10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4095
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883739385687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif

104.21.75.209

11 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
11 kB (10793 bytes)
Hash
69589818044ff973aa67c696e7e394fd
0f03ad92c7eb38789b111436be2e733faad871a4
11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrPlkPAsXXSeTYg8Sr9OjWmCgAl59h4XalJcM%2B66wd%2Bs6laqzTKQuUmXJ7Z%2BgSgsQxA79qsiXVjOgTDC1toiLguEvMGmyXAFqOgsINcYHrrP%2BtD7SiPZz2ilHViCG7jtjVDw5O4IJmM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840b82356b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/mascot%20gaming.21cafbe70.svg

154.197.121.128

7.6 kB

URL
1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
7.6 kB (7607 bytes)
Hash
d2b3b575c8f8876e2ac0b12c4d89d66e
6bd5ec8736479b885a808a2a743a9b5ed181986f
3bdb569da8aebb9dd58deb59a99d94e0c21b31d2742159a9f212762bf04e8c9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4153
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883c9cbe5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg

154.197.121.128

12 kB

URL
1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (11768 bytes)
Hash
29116714e004b1cb483d1bad3996df13
5665411ab7499b39818875f764523f2051c5f98d
189d9b2ddf3498fd422cd7997fc61b47e8d6904475e9cc9a71514f23b4af881d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038839ef315687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif

104.21.75.209

4.7 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
4.7 kB (4683 bytes)
Hash
4e85a0bde3faf39a0eb79d1afbf94a3c
bfda6edfa14599e73e5a8096ae707b7355fb9d2f
fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
x-request-id: SDhj3o6iI09jSaV1xC7zB
cf-cache-status: HIT
age: 1569
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghMH%2BekkkdKKNK1dFIdoXwrJFcwYdKKeuiMUzg54jwvOkTi7I8StEkFw4Ks0wflPFXGZiiRInbN2Gp0U2PvOzhrARPe2FtoOYu8GFYbngVebTPU0o9topgv8eXkpOEmmnvkvPOkJYqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840c83756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/100hp%20gaming.8352a77d8.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/100hp%20gaming.8352a77d8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
13 kB (13139 bytes)
Hash
b053ebfd317a53166cc25c0bb520ebf8
c19bbe3c9c163fff034f5f6bde6c4f83fbdd4336
72e7848029aa29da711c44de83cdc85f7240db88adf18361a1ef1eab57ab7dc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388398e465687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif

104.21.75.209

6.0 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.0 kB (5951 bytes)
Hash
45ccd50f5dfaf7808c6795422417f214
38499698cec05af36aa2bc0e390952e400486003
50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
x-request-id: vlwtQiswla1uj5KnUB_aU
cf-cache-status: HIT
age: 600476
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KfkU1%2B0P3Esz02Q5%2BPImqwNxUF8%2BQGHsGBHYK8d8iZEFP%2FqCK%2Bd7IYKludh9x7hBznit2i7XIHzTOlYTWvEGkF509Y90LfG545Zi1qZCw%2FqSFICkdmrgFUH%2Fws2uYCb%2BAWiYeJiG3r0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840b82e56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/amatic.1ad22f1f0.svg

154.197.121.128

11 kB

URL
1win-cdn.com/img/amatic.1ad22f1f0.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
11 kB (10767 bytes)
Hash
359e88f079e6a7e176712fa3132fb98a
5f96714028313ecd7ce68894c99a1c7f27e7978e
14ca8037a9920594c6a2e57dba31e622b90be966b9b7ceea8c15701035e4b33d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a0f9f5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif

104.21.75.209

8.2 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
8.2 kB (8197 bytes)
Hash
2bb5dde390003652a0eb9ebe2ec82506
a380f9976a7e050fb4d5d16645fb739f1c012635
8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
x-request-id: ejgpplgS_jgdEjE0wtm06
cf-cache-status: HIT
age: 600476
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgWJ0u448SLQkEJbhp%2BLretnL60F7def9ZRHPxZJSDA78UsYKrzg5YoqBZJ1UVN1TjZrmSC%2B5PTG2zZXN6dS34bJJ692EPGfAcW2RrZfyV%2BKuxE0xXDyIPIG6Dnp2U0XkYH51D72ljc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840c85356b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif

104.21.75.209

6.6 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif
IP
104.21.75.209:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.6 kB (6634 bytes)
Hash
e96a71a5fe56033b87ca3809fb4fab55
22b9068fece941bf32a6e67885ea41fd70233ac6
e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 10268
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMl6%2FJb2%2B6U6llMnTz5cucm5t%2B%2FGaq3twrbyCTY9q87op8Ll8m1QApdLijW4mhbelI%2BECAd2GjTUMuGRoer3kVd9vPaXVHJ47VazTSenzF7BzTeMdNaMaeHdk50SvfGjscpijhrP2vY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840c83a56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/fantasma.8f4e2392c.svg

154.197.121.128

11 kB

URL
1win-cdn.com/img/fantasma.8f4e2392c.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
11 kB (11374 bytes)
Hash
1889574e9ad40a42d29c2fd272c122a0
1ce1f0180f0b8f2a96b8f340271fa41dd9db8cf9
4b4b7262b490fa0b4950270ddd6c6db49110b4d508681489473a13925c061e2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883bdb155687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/yggdrasil.a6bc350dc.svg

154.197.121.128

12 kB

URL
1win-cdn.com/img/yggdrasil.a6bc350dc.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (12219 bytes)
Hash
a653484de9224463f99976414f0d59e4
722a4da532c4a020f27d2053e83c118e9cb78ca0
1ecfbf373fb216290f2c83181fea655694adf2c0e607747136d4cc8ff93bd040

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 129
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dff6b5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamzix.c753c377b.svg

154.197.121.128

9.1 kB

URL
1win-cdn.com/img/gamzix.c753c377b.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
9.1 kB (9102 bytes)
Hash
9b8448e02f4b5b1afc52c2523073a902
d3e626acedd4a6b1018a4df65442b5c2def15418
1f3d09b4b426f3f7f27b48fd7b364e76d2f402f4f8a40910bf62219c75277d80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2302
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883c0b685687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp

154.197.121.128

40 kB

URL
1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
40 kB (39614 bytes)
Hash
14de8fd7c8de24bb9f6f89ddd3c2d480
9635193c712dafa2c58339dee09588880a96a980
633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/webp
content-length: 39614
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4085
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840dccf5687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp

154.197.121.128

25 kB

URL
1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25292 bytes)
Hash
1f85b44a5305e8928fcae8922301d92a
7ecc0724a7560af7c4debc83014bab875eba685b
660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/webp
content-length: 25292
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4085
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840ecd15687-OSL
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png

143.204.42.78

3.9 kB

URL
d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP
143.204.42.78:0
ASN
#16509 AMAZON-02

File type
PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Size
3.9 kB (3884 bytes)
Hash
3219393f1efd01cf2db20820dff57cf2
ebdbcf916084a0d5a70680021d269680e9f41d41
8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06

HTTP Headers

GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Tue, 07 May 2024 18:02:38 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: boTlwYrTB-y_IuHOR9xl2uBvETts78myg0ytMfpuPoXqKNsWHt6-9A==
age: 4301
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.99

206 kB

URL
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 13:33:10 GMT
expires: Wed, 07 May 2025 13:33:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 20468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=471861536.1715109259&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1286206340

142.250.74.163

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=471861536.1715109259&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1286206340
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=471861536.1715109259&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1286206340 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 19:14:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/ru.svg

154.197.121.128

171 B

URL
1win-cdn.com/img/flags/ru.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
SVG Scalable Vector Graphics image
Size
171 B (171 bytes)
Hash
8313582b9ca7531cca16964e31b35454
dcdcd825e834f01fcc742bd07c6ebacd8d464487
2530709f6868f6f5bf2da682d799872888dba0c18807f15b6e69c41d56750516

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4762
expires: Tue, 07 May 2024 23:14:18 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840ac445687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255619&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=471861536.1715109259&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109259&sct=1&seg=0&dl=https%3A%2F%2F1wriq.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wriq.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wriq.com&tfd=11649

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255619&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=471861536.1715109259&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109259&sct=1&seg=0&dl=https%3A%2F%2F1wriq.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wriq.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wriq.com&tfd=11649
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715109255619&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=471861536.1715109259&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1715109259&sct=1&seg=0&dl=https%3A%2F%2F1wriq.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wriq.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wriq.com&tfd=11649 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wriq.com
date: Tue, 07 May 2024 19:14:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/pg%20soft.fdb9d6567.svg

154.197.121.128

5.0 kB

URL
1win-cdn.com/img/pg%20soft.fdb9d6567.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
5.0 kB (5009 bytes)
Hash
49da65383a59a979b96d3b1c7548ecf8
42fa381f44414b997216c8a6a956e7404837a587
5b47983460c16e1c0988c901f7cd18f4a5c5affb8571eb13417de081ed6a891b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 255
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ced205687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp

154.197.121.128

48 kB

URL
1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47816 bytes)
Hash
5495ba7e07dc7a05a6008b8585bca92b
f8dadc060dcf17862805f72d7815c9b9b119375e
570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:36 GMT
content-type: image/webp
content-length: 47816
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1
expires: Tue, 07 May 2024 23:14:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388b418525687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/bonus.75b0226c8-1320.webp

154.197.121.128

48 kB

URL
1win-cdn.com/img/bonus.75b0226c8-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47824 bytes)
Hash
8c760c7064f0128ae142377fd17b2a06
edfcaffb6cd42075bfecedd2153fd44764d69df7
32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:36 GMT
content-type: image/webp
content-length: 47824
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1
expires: Tue, 07 May 2024 23:14:36 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388b418595687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/css/48357.321450720.css

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/css/48357.321450720.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (19490)
Size
20 kB (19491 bytes)
Hash
c612b8dc334f97071bd0193e5163597e
faeeddcec1adfa35b47ec9d0220fe8555ae74468
f55f61953438a991f45ae0d9c1be37fd60d198eb413769c34e9565b3f5bfe63e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 611225
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882fdb435687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62825.cf3a1caf6.js

154.197.121.128

200 OK

736 B

URL GET HTTP/2
1win-cdn.com/js/62825.cf3a1caf6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (768), with no line terminators
Size
736 B (736 bytes)
Hash
a56324a88fee02690b8a3ed35e889018
18e9af315ba78b3b7f467894aa838ef2eefee254
dd0ed1a086018d01466171d96d3c7d99fe4a0d88e8d965bd2d08f31dfa541202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Fri, 05 May 2034 19:14:16 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 601244
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832f9415687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderkick.6962312e1.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/thunderkick.6962312e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
ee06089b308c5065a8e92a32b7b38686
2e83ac75ceb109c245525a733cfb3efc97cc42bd
24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 255
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883dcf005687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/21758.dae54c10d.css

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/css/21758.dae54c10d.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (31262)
Size
31 kB (31263 bytes)
Hash
042184ca7fa3adf2a29c3de64253e215
321e3142ce096f24515bf9c5699fda45dcc5e76c
672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 109656
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882b8be05687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/48357.2f661a8c9.js

154.197.121.128

200 OK

9.6 kB

URL GET HTTP/2
1win-cdn.com/js/48357.2f661a8c9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9833), with no line terminators
Size
9.6 kB (9582 bytes)
Hash
ac10e417d3205818d44f428fb5946e98
1e2586b11318351ff352b3155225e2e90617151f
56e1ca7bc3d7559714a27119b6076e3b06a69bc9848518bfac6fac0d55dae24a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48357.2f661a8c9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-256e"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 123386
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882ffb705687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/745.ca3fa56a5.js

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/js/745.ca3fa56a5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
24 kB (24248 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/745.ca3fa56a5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-5eb8"
expires: Fri, 05 May 2034 19:14:15 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381927
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388306c4a5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/max%20win%20gaming.00fa88483.svg

154.197.121.128

200 OK

763 B

URL GET HTTP/2
1win-cdn.com/img/max%20win%20gaming.00fa88483.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
763 B (763 bytes)
Hash
6887ef2393d55338db36ccf501d3b364
cada230cfe07fd9fda37cfde92abc048879815bf
9a8cda3aaf7794cfa521832e211f826e61a93bbe5c0105671dc790b6bed65732

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5722
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883cacd55687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wriq.com/affiliate:link_visit?visit_domain=1wriq.com&sub_ids=undefined

190.115.24.78

200 OK

37 B

URL GET HTTP/2
1wriq.com/affiliate:link_visit?visit_domain=1wriq.com&sub_ids=undefined
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wriq.com/
Certificate
IssuerLet's Encrypt
Subject1wriq.com
FingerprintDF:A9:73:A2:77:5D:83:6D:80:AD:EF:1D:2D:85:BC:41:07:53:2E:99
ValiditySun, 05 May 2024 03:37:26 GMT - Sat, 03 Aug 2024 03:37:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
37 B (37 bytes)
Hash
2f6af1a09e6d352c1603fe2326189744
baed183cee7c7fd534e8519a683c9f398e696329
7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wriq.com&sub_ids=undefined HTTP/1.1
Host: 1wriq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wriq.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=YlPDaTXYLBrCsVX3RHIG; visit_domain=1wriq.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 19:14:15 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.69.200:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.168

200 OK

263 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
263 kB (262564 bytes)
Hash
ca55c42c7aeff4a88b0fa0c7c263bdff
ac46877b13c8a160d8d5aaa2bc95d519034f37ed
c30d38cda918e8cdd2d914d56be3ca655a4f8fddef470e189d61a5c20c938de3

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 19:14:16 GMT
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91540
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/js/8653.ed7806659.js

154.197.121.128

200 OK

952 B

URL GET HTTP/2
1win-cdn.com/js/8653.ed7806659.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (994), with no line terminators
Size
952 B (952 bytes)
Hash
1a63c0338e50d3b4dfe4a7cea9098d20
3915a35a401582840fc4139f2a94260a8cc21c12
5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Fri, 05 May 2034 19:14:16 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 605597
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038832d9045687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/atp.e87cf2801.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/atp.e87cf2801.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (12058 bytes)
Hash
3fc6d0c6036c51b4dfe66e116e849214
86ce1aaadafc27a3777f00411012d449f3ae9637
8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4178
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883739305687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cool%20games.019d15340.svg

154.197.121.128

200 OK

3.6 kB

URL GET HTTP/2
1win-cdn.com/img/cool%20games.019d15340.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3603 bytes)
Hash
c3efa9849696becabebca718837f0827
96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653
ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883b6a075687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16852, version 1.0
Size
17 kB (16852 bytes)
Hash
c4f31a30bdf4dbced79fb75fc03111cf
14765799051deb933539e19f1ffa26198cabd4c1
cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-41d4"
expires: Fri, 05 May 2034 19:14:16 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=BlbGfZ6qr_2xBNnUh.sdjWh8mH1vDMWMk9uFFBfYIQ4-1715109256-1.0.1.1-uwFj6VQZnAOJjcD6fvxd8Q0SEwDFtqtJPx1FiimZBfFaPcRdDgYHoVzKCjimokVyLL7vvv6okU7gJnVAEzDewg; path=/; expires=Tue, 07-May-24 19:44:16 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883388520b51-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/46719.c1d2eb9c5.js

154.197.121.128

200 OK

527 B

URL GET HTTP/2
1win-cdn.com/js/46719.c1d2eb9c5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Size
527 B (527 bytes)
Hash
8375a4110ec42498df870269f31e79db
d974e51c02dbdc175ffa8d4384b385ecce38e581
b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Fri, 05 May 2034 19:14:17 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 614090
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388391d5d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/78449.1776bac9f.js

154.197.121.128

200 OK

786 B

URL GET HTTP/2
1win-cdn.com/js/78449.1776bac9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (804), with no line terminators
Size
786 B (786 bytes)
Hash
3997e692861614602ae0ad581192673b
274ba9d8795299558fc25f0bdceb6997a27b8a4d
70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Fri, 05 May 2034 19:14:17 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 606362
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a0f9b5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif

104.21.75.209

200 OK

8.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.4 kB (8415 bytes)
Hash
19f229b84c704888d3b7a617d4ea0d5f
ead41a6984c57debbde1fdbe6820dcdd07634f99
2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 2129
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2BXQroT00QMR8avUiPgP6cR5Jc0hG8JbMvGy5UthrRRv8nnexua4pDxe4xT0EBOGw83ndEIHcF3mB2D%2BDSVDLmgtmSmPXkb0mimnrVl1SkpH9AFc7K93SGNTIq2UQWeeBh4%2FKZAd7J8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883eec8756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif

104.21.75.209

200 OK

7.5 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.5 kB (7460 bytes)
Hash
91cb93c7b3bcfdaf5be22dd889c68647
20c0af4b44bfe11283e15f237fa8c762a10d4711
c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BIlqbDaE54FNKVKj0gBn%2B9uTB%2FPLgz2Q1jHohIR4tuC%2BGkD0gS3uNZv0%2FSOa5gxfdVbZqQKeNijPRO4Uvv8ht7Q1NUWjnAJDsQMzmAwCiBs4NV6veIudxtO6Y8dms6iu6%2BU3kDXt%2Bzo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840c83d56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1

154.197.121.128

200 OK

4.9 kB

URL GET HTTP/2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (5344), with no line terminators
Size
4.9 kB (4946 bytes)
Hash
89c96dfa73f51909c42f915c5b1ce6b3
8f3d17e349c684d68b50031a265ca235e8b62ef4
e6f6767e9ba421bcdab27d342e23dabfee1bbcc7b0691e1a009041e02f73eb2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wriq.com
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Tue, 07 May 2024 19:14:16 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=r0oT7yKxSVQWIq8Gl.zY6_1_QO3PqMtRXtxwILVkpKA-1715109256-1.0.1.1-rvE81j1bGVdu3dXJBXzqbB9sB83XtHzUFtROkgiquCIcc30bgl_GkqS3JH7Ipa5D4epPNo5OzacL5NPfXApfcQ; path=/; expires=Tue, 07-May-24 19:44:16 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 880388352aa70b51-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wriq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/atmosfera.32402e33f.svg

154.197.121.128

200 OK

9.0 kB

URL GET HTTP/2
1win-cdn.com/img/atmosfera.32402e33f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (8973 bytes)
Hash
3ba4610ae40c2d70390afaa7cba36721
01eeff20113a096675d71c018a7f109c8e53da28
815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2307
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a2fd55687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/silverback.297288e25.svg

154.197.121.128

200 OK

42 kB

URL GET HTTP/2
1win-cdn.com/img/silverback.297288e25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
42 kB (41693 bytes)
Hash
2910b9f6ba7f900a0246432d2777b217
86b09b58a3eb69c70f175e577cfefd4efe1dfa0c
b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5721
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883d6e3d5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif

104.21.75.209

200 OK

9.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.4 kB (9433 bytes)
Hash
7eb2cba4654091d306b65c6fe0a8f631
e1a4eecb3f5db01aa2774cf811e3c2cda95f426b
ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 10268
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dEd%2BgbsXgF8ciPHt34kAPHlBh3re37N%2B3LFsAeQPcPH71HvB1M%2BR2ddzAB6Tlk%2B09a9pGNRCnIKbvGsYwdAqmyc3LZtQyiwCO958l%2Fs4uEof9VVUEX3Sp8Y20kI72jxH%2BA4Q%2BwSP2JE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840d86b56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif

104.21.75.209

200 OK

5.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.3 kB (5298 bytes)
Hash
2644fa31ed595bed0cb922c0c7539272
de9318bf140b0f2ea79f367170734ff434917747
8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MzExOTVhLWMyMGQi"
x-request-id: uUYzSMqbksJzETyQNoHBA
cf-cache-status: HIT
age: 600478
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9R%2FanMhrl2F0%2B9g7AVrk3GZtN3i1GJIuXpf4dBBPgKgicFtDtfnAGqI0eHJ%2Bp2vt%2FDVt4Xd%2BUR43IYSY6fnfIxIdZCzFUvJU28J7ZZ0Z%2F4nSerLQtck9seNHQWb1TrpNLJc%2BzW8%2BqLA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038835cbb456b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif

104.21.75.209

200 OK

6.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.4 kB (6364 bytes)
Hash
4e7067f0087797bc8a2752288c82d468
7a97f30b9cf7b7c0167847006aefcd3411e4c414
626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 1569
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBj21Tfvfw4eJCKoEQovLz%2FvwijfW1XJ%2B9JBXpu5Y350O7oDVRMczBStx7tfmi8ssxInpyi4hRkC8maEGE4p%2BuFuWWD%2FLuwq7JfJ2DtU2Q8uH3axoDt8t1yrVClAQvJEsWJi5r2%2FfBY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038840d86656b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/betsolutions.5d0a153ca.svg

154.197.121.128

200 OK

1.6 kB

URL GET HTTP/2
1win-cdn.com/img/betsolutions.5d0a153ca.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1565 bytes)
Hash
066b7782f9f8acb732cd85f2df1344ac
7bb3c193cb5dd835fec3e3ce7ed032be4200afc9
95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a685b5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.9b5c75c67.js

154.197.121.128

200 OK

136 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.9b5c75c67.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136446 bytes)
Hash
9eebcb6129446dab979c616c8120ceb5
d603f59235b73fd8095b3c3603d2df07b7595114
fa71e514244054c26beabc7e01ded735bea5c36ed6f7bad606e3272a74a161f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.9b5c75c67.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-214fe"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 21063
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803882b8beb5687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp

154.197.121.128

200 OK

430 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
430 kB (429680 bytes)
Hash
abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/webp
content-length: 429680
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: "663a5087-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 132
expires: Tue, 07 May 2024 23:14:16 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388340b685687-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/gameart.7beff0d18.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/gameart.7beff0d18.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2608 bytes)
Hash
0316280cc350cb02b448e29142cbc493
16182a01de1fe9f3918bdfff51002844776c1b08
be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883beb335687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wriq.com/img/icons/favicon-16x16-darkmode.png

190.115.24.78

200 OK

344 B

URL GET HTTP/2
1wriq.com/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wriq.com/
Certificate
IssuerLet's Encrypt
Subject1wriq.com
FingerprintDF:A9:73:A2:77:5D:83:6D:80:AD:EF:1D:2D:85:BC:41:07:53:2E:99
ValiditySun, 05 May 2024 03:37:26 GMT - Sat, 03 Aug 2024 03:37:25 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
344 B (344 bytes)
Hash
55101f46ace081073c98f0d75229ae94
384e813b0f35437de99eb269c7d5c76479e20886
e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wriq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __ddg1_=YlPDaTXYLBrCsVX3RHIG; visit_domain=1wriq.com; core-sticky=http://10.233.69.200:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 01:58:47 GMT
content-type: image/png
content-length: 344
last-modified: Mon, 06 May 2024 11:24:49 GMT
etag: "6638be01-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 62128
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket

134.122.54.186

101 Switching Protocols

0 B

URL GET HTTP/1.1
1win.direct/v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket
IP
134.122.54.186:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://1wriq.com/
Certificate
IssuerLet's Encrypt
Subject*.1win.direct
Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27
ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wriq.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wriq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5xlWa9ep6/X+hedM3kA1oQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: 4tG1tzVPHcBMziOCeVy1mjAeHpM=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=80f33266e584518e; Path=/; HttpOnly
Upgrade: websocket

1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3066 bytes)
Hash
ced188fd368f5c8439ebd4398c9c9315
3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea
82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:16 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5092
expires: Tue, 07 May 2024 23:14:15 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88038831ff045687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/apollo%20play.610da8846.svg

154.197.121.128

200 OK

5.5 kB

URL GET HTTP/2
1win-cdn.com/img/apollo%20play.610da8846.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5515 bytes)
Hash
50314c7ffb9d11a02d2c58c66e124e29
3ebfb6e02132e3281c64e7866a621fc9ff43678e
c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2307
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a1fc85687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsoft.cc500155f.svg

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/betsoft.cc500155f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.7 kB (4742 bytes)
Hash
fa91200f1738243c9a1bf9ebf853c238
43a438416c285aaf55c7f2edb2676616ffa0c838
9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a68575687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif

104.21.75.209

200 OK

9.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.3 kB (9300 bytes)
Hash
19ea6dc62a4b1d3b87a9940660698dd1
8c3052c6f52d60b40824437d282619e91034db7a
37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 6435
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cdTy4C%2Fh%2FggKeoUwbAAKcSlItzv%2BdwKMdNzed452gCaVQ6wESy56eyzTqzP4XaDLsjbGVtHx%2FBCiz75AsS2IwBi3C8gFaliwIH%2Fxr3lVyzUNWvCyY%2FveHx0Wy10SYXMUVtwWK5zLXww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883eec7856b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/index.52fa365b9.js

154.197.121.128

200 OK

201 kB

URL GET HTTP/2
1win-cdn.com/js/index.52fa365b9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
201 kB (201190 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.52fa365b9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-311e6"
expires: Fri, 05 May 2034 19:14:14 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2155
set-cookie: __cf_bm=27G0xGBC9g3fuoktaZM0tixOVaQ6vcf4uegVUMiF_mg-1715109254-1.0.1.1-Sc_1SUv5U.MR58LlNTrVihb2iTiGV6UPqtDWLKI_Ntpi2zSvac.Nwp.IX_5W96OZL96FhvuwGvjHNqZpfC7cmA; path=/; expires=Tue, 07-May-24 19:44:14 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880388291f545687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bet2tech.41863da88.svg

154.197.121.128

200 OK

1.8 kB

URL GET HTTP/2
1win-cdn.com/img/bet2tech.41863da88.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1823 bytes)
Hash
37036b9327cf2f08f10c828a969255cc
110c9e121e3f79982f785db63213d01a94faf4b0
13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 131
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a38045687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bf%20games.7559aed26.svg

154.197.121.128

200 OK

5.0 kB

URL GET HTTP/2
1win-cdn.com/img/bf%20games.7559aed26.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.0 kB (4994 bytes)
Hash
b94bb2811096b861bfbf8fbcd4de9149
17418a385bb399e79588ba1f6d3ee661c40197c5
c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:17 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 16:02:15 GMT
etag: W/"663a5087-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4556
expires: Tue, 07 May 2024 23:14:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883a68695687-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif

104.21.75.209

200 OK

7.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.4 kB (7441 bytes)
Hash
7d78a951d170034c2ce027bf5ea6c69f
56ffbce11b718eceeb70ad7ac12f28f44f3c8b93
8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMlRPm0LGOcVzOSyVyFkblaJW2HsvLyg%2BkR1lm%2FJwiIj6mgv2Jex5HyCL%2FFGDuh3wbXz4S8PLhXvXnelPHsXk4ZL6KZlWkP5BhVoNgOaUDpzZ0fWqM5gkxXNxopFrhM%2FyvLc3AnxlQo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883ebc4556b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif

104.21.75.209

200 OK

8.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif
IP
104.21.75.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wriq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.3 kB (8337 bytes)
Hash
9867f5ddac7eff5f2fd88dfdec8fd493
6ea9a242437fe23c61e09a00030ae3eee78d3cd1
2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wriq.com/
Cookie: __cf_bm=KOJhJA3enAHtQk616gqB2FZ1DeoQsqQFfvffRzhHH2o-1715109254-1.0.1.1-nc.2YTzSNRkBuidIuVdFM2twdtS129UWMh8Sh7dsm10I9TCNSxJd0Y_e.L.SPkOsFaa4V25RHIVLG3t9F_1gaw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:14:18 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
x-request-id: I85TlysGV19zGB3VN3wxj
cf-cache-status: HIT
age: 600477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XunItYARec41gQWy2LC0hZ1i7FdBa4ewpimkGSF2Q1lzJrYf4Nzi%2BovoZJHh24TXggsG8hjycPOo15W05Fi2E8AtQQPmcnhvF%2BB5jBG%2BTFQlQqjnsBiGSERjrSBaX%2BlUAiO9PHTb8Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803883efc9f56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (81)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash